redline | b27f74f1c88980fbc920bb963d9637b916ee852fe97c6b39f805c1f419a3f315 | Triage

Submit
Reports

Overview

overview

Static

static

1

49f0d9e575...75.exe

windows7-x64

49f0d9e575...75.exe

windows10-2004-x64

Sharing

General

Target

49f0d9e57575c9c7bfad4e0df3054275
Size

1.1MB
Sample

231219-sgathaagen
MD5

49f0d9e57575c9c7bfad4e0df3054275
SHA1

90005e794f13d32a1b39f3cfdda90d3e8480dabb
SHA256

b27f74f1c88980fbc920bb963d9637b916ee852fe97c6b39f805c1f419a3f315
SHA512

9c234b9bde524a7272daa52de675f357714d74c09fdb3d3189a29f958e023cf14b1b52120a1eb8283c9d2d91ef3043844c69daa8f605bebed11dfc51338ae676
SSDEEP

24576:PmpTs9A+MvPrXRomg58Nrzq7FiEEKibvcuJLZyvYpLu3en+vdiL:Ms9KDhIcrOZUKSJ1yvYpLu3uwdiL

Score

10^/10

redline sectoprat @zenvolord infostealer rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

49f0d9e57575c9c7bfad4e0df3054275.exe

Resource

win7-20231129-en

redline sectoprat @zenvolord infostealer rat trojan

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

49f0d9e57575c9c7bfad4e0df3054275.exe

Resource

win10v2004-20231201-en

windows10-2004-x64

0 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

@zenvolord

C2

185.209.22.181:34925

Attributes

auth_value
5a0918bd3e8ede8e02c8dd9d106a996d

Targets

- Target
  
  49f0d9e57575c9c7bfad4e0df3054275
- Size
  
  1.1MB
- MD5
  
  49f0d9e57575c9c7bfad4e0df3054275
- SHA1
  
  90005e794f13d32a1b39f3cfdda90d3e8480dabb
- SHA256
  
  b27f74f1c88980fbc920bb963d9637b916ee852fe97c6b39f805c1f419a3f315
- SHA512
  
  9c234b9bde524a7272daa52de675f357714d74c09fdb3d3189a29f958e023cf14b1b52120a1eb8283c9d2d91ef3043844c69daa8f605bebed11dfc51338ae676
- SSDEEP
  
  24576:PmpTs9A+MvPrXRomg58Nrzq7FiEEKibvcuJLZyvYpLu3en+vdiL:Ms9KDhIcrOZUKSJ1yvYpLu3uwdiL
Score

10^/10

redline sectoprat @zenvolord infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

redlinesectoprat@zenvolordinfostealerrattrojan

behavioral2

© 2018-2024

Terms | Privacy